Tackling Mobile Security Risks for Government

As mobility becomes more pervasive, these words have become engrained in our work/life culture. The issue of cyber crime has earned national news headlines as governments across the globe grapple with how to build both secure and mobile-enabled infrastructures.

A few weeks ago, Cisco and Mobile Work Exchange released findings from a self-assessment tool that highlights some interesting statistics, enabling us to better understand mobile security best practices and vulnerabilities. The report specifically looks at government employees, 90 percent of whom claim to use at least one mobile device for work, and reveals that many government workers (41 percent) are putting themselves and their agencies at risk.

Here are a few other compelling findings:

On mobile devices, 31 percent use a public Wi-Fi connection and 25 percent do not set passwords.

6 percent of government employees who use a mobile device for work say they have lost or misplaced their phone. In the average Federal agency, that’s more than 3,500 chances for a security breach.

Despite the Federal Digital Government Strategy, more than one in four government employees have not received mobile security training from their agencies.

The amount of security breaches that have made the news in the past year may come as no surprise given this information. These facts speak to the need for employees to reevaluate their mobile security behaviors and for government agencies to strengthen mobile security protocols.

As the shift toward mobility and cloud services places a greater security burden on endpoints and mobile devices, which in some cases may never even touch the corporate network, we propose that government agencies embrace a two-fold approach to help mitigate these concerns.

Step #1: Train Government Employees about Potential Threats

Informing employees about the potential risks and threats when using either their own device or an agency-issued device can go a long way in helping thwart malicious attacks.

According to a recent blog post by Cisco’s Brett Belding, this type of employee-led behavior can help shape the future of mobility. Users should be encouraged to have an open dialogue with IT teams about secure mobile use and what today’s advanced threats look like and how to avoid them. This will only grow more important as the number and types of connected devices – such as wearables—become more pervasive in government agencies.

Step #2: Institute a Formal Program for Managing Mobile Devices

For many government agencies, it’s difficult to manage the influx in types of connected equipment, especially with a limited IT budget.

To cover the entire attack continuum, agencies need to address a broad range of attack vectors with solutions that operate everywhere the threat can manifest itself: on the network, on endpoints, on mobile devices and in virtual environments.

According to Cisco’s 2014 Annual Security Report, instituting a formal program for managing mobile devices to help ensure that any device is secure before it can access the network is one solution to improve security. At the very least, a personal identification number (PIN) lock should be required for user authentication and the security team should be able to turn off or wipe clean the device remotely if it is lost or stolen.

All organizations – especially government and public sector agencies – should be concerned about finding the right balance of trust, transparency and privacy in their mobility strategy, because a great deal is at stake. However, by evaluating this two-fold approach, government agencies can avoid losing out on the benefits of mobility and instead, reap its rewards. Through a secure approach to mobility, agencies can experience increased productivity and lower operating costs, ultimately benefiting the public they serve.

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

From my recent own experience, Anti virus has no function at all.. I purchase norton 360 premier and scan no virus at all, no malware at all. After that i purchase Avast as i see that at Jakarta there is a distributor there.. My LAN is controlled.. my friend help me by using tddskiller.exe Kapersky . Found out 420plus rootkit attacks.. All is attacking network, and it is spreading to all Mobiles..
I have save the scan log for the scan tddskiller..
I am now very very confuse which browser is good, which anti virus is best. what is the point using internet actually??
please advice.. Thanks

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.